feat: add options to host rules to enable mTLS calls to host #24155
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
lyonlai
force-pushed
the
ylai/add-https-option-for-mtls-communication
branch
2 times, most recently
from
5ac05d9
to
930bfd3
Compare
rarkins
requested changes
Aug 30, 2023
lyonlai
force-pushed
the
ylai/add-https-option-for-mtls-communication
branch
from
930bfd3
to
612b0dc
Compare
rarkins
reviewed
Aug 30, 2023
rarkins
reviewed
Aug 31, 2023
Churro
reviewed
Aug 31, 2023
IMHO, together with the new option, it would be crucial to highlight that a private key must not be specified directly there. The consequence would be a complete loss of confidentiality and RSA / EC keys floating around in renovate configs. |
rarkins
reviewed
Aug 31, 2023
Co-authored-by: HonkingGoose <34918129+HonkingGoose@users.noreply.github.com>
…ggested format for privateKey
Co-authored-by: Rhys Arkins <rhys@arkins.net>
lyonlai
force-pushed
the
ylai/add-https-option-for-mtls-communication
branch
from
81a1219
to
aa06f5a
Compare
rarkins
requested changes
Sep 1, 2023
Co-authored-by: HonkingGoose <34918129+HonkingGoose@users.noreply.github.com>
HonkingGoose
suggested changes
Sep 4, 2023
Co-authored-by: HonkingGoose <34918129+HonkingGoose@users.noreply.github.com>
|
are we still waiting for anything else that needs to be resolved in this PR? |
rarkins
approved these changes
Sep 6, 2023
|
🎉 This PR is included in version 36.87.0 🎉 The release is available on:
Your semantic-release bot 📦🚀 |
This was referenced Oct 4, 2023
Merged
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Changes
Make the
certificateAuthority,privateKeyandcertificateoptions available inhostRulesoption and pass them intogotoptions so that Renovate will be able to communicate to target server that use mTLS as a way of authentication.Context
We need to be able to call an internal data source that require mTLS as authentication method. Hence the change. Ideally the keys, certs and CA certificate will be loaded in our self-hosting Renovate and feed through secrets option.
The loaded credentials will be passed to got's https options
Documentation (please check one with an [x])
How I've tested my work (please select one)
I have verified these changes via: